Submit #792231: LangGenius Dify <= 0.6.9 Server-Side Request Forgery (CWE-918)

Title: LangGenius Dify <= 0.6.9 Server-Side Request Forgery (CWE-918)
Description:

# Technical Details

A blind Server-Side Request Forgery (SSRF) vulnerability exists in the `get_api_tool_provider_remote_schema` method of the `ApiToolManageService` component in Dify. While Dify normally fetches external resources through its internal `core.helper.ssrf_proxy` mechanism, this API tool fetch function bypasses the proxy entirely: it calls `httpx.get` directly on a user-supplied URL without checking whether the target resolves to a private or internal network range.

# Vulnerable Code

File: api/services/tools/api_tools_manage_service.py
Method: get_api_tool_provider_remote_schema
Why: The function takes a `url` parameter supplied by the user (intended to point to a remote OpenAPI JSON schema definition) and directly calls `response = get(url, headers=headers, timeout=10)`, where `get` is imported directly from `httpx`. No IP filtering or proxy redirection is applied to the request.

# Reproduction

1. Authenticate to the Dify API console to obtain a valid access token and CSRF token.
2. Send an HTTP GET request to the vulnerable endpoint `/console/api/workspaces/current/tool-provider/api/remote`, passing an internal or cloud metadata URL in the query parameter (e.g., `?url=http://x.x.x.x/` or `?url=http://docker_redis_1:6379/`).
3. Observe the server's response:
   - If the internal port is OPEN (e.g., Redis): the Dify server connects, receives the raw service data (which fails JSON parsing), and returns an `invalid_param` error.
   - If the internal port is CLOSED: the Dify server returns a connection timeout or connection refused error.
4. Using these error differentials, an attacker can map the internal network.

# Impact

- Internal Network Reconnaissance (attackers can map internal IPs and open ports via error differentials).
- Cloud Metadata Access (retrieval of instance metadata and IAM credentials in AWS/GCP/Azure environments).
- Internal Service Interaction (triggering GET-based state-changing actions on internal REST APIs).
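The destination check that the unguarded `httpx.get` call lacks, as an added defensive example: this is not Dify's code and not its `ssrf_proxy` helper; `check_destination` and `safe_fetch_schema` are hypothetical names. The URL is parsed, every address its host resolves to is classified with the standard library, and the fetch is refused if any address is loopback, private, link-local (which covers the 169.254.169.254 metadata endpoint), multicast or otherwise non-public.

```python
# Added illustrative example, not Dify's own code: a destination guard of the
# kind the vulnerable get_api_tool_provider_remote_schema fetch does not apply.
import ipaddress
import socket
from urllib.parse import urlparse

ALLOWED_SCHEMES = {"http", "https"}

def resolve_host(host):
    """Return the set of IP addresses `host` resolves to; a literal IP resolves to itself."""
    try:
        return {ipaddress.ip_address(host)}
    except ValueError:
        pass
    infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    return {ipaddress.ip_address(info[4][0]) for info in infos}

def is_public_address(addr):
    """False for loopback, RFC 1918, link-local (incl. 169.254.169.254), ULA, CGNAT, multicast."""
    return addr.is_global and not addr.is_multicast

def check_destination(url):
    """Return (ok, reason); ok is False when the fetch must be refused."""
    parsed = urlparse(url)
    if parsed.scheme not in ALLOWED_SCHEMES:
        return False, f"scheme not allowed: {parsed.scheme!r}"
    if not parsed.hostname:
        return False, "missing host"
    try:
        addrs = resolve_host(parsed.hostname)
    except socket.gaierror as exc:
        return False, f"resolution failed: {exc}"
    # Refuse if *any* resolved address is non-public: a name with mixed
    # public/private records must not be allowed to slip through.
    blocked = sorted(str(a) for a in addrs if not is_public_address(a))
    if blocked:
        return False, f"non-public destination: {', '.join(blocked)}"
    return True, "ok"

def safe_fetch_schema(url, headers=None, timeout=10):
    """Guarded replacement for the unchecked `get(url, headers=headers, timeout=10)` call."""
    ok, reason = check_destination(url)
    if not ok:
        raise ValueError(f"refusing to fetch {url!r}: {reason}")
    import httpx  # imported lazily so the check above also works without httpx installed
    # Redirects are not followed: a redirect target would itself need re-checking.
    return httpx.get(url, headers=headers, timeout=timeout, follow_redirects=False)
```

Because the name is resolved once for the check and again by the HTTP client, a DNS name that rebinds between the two lookups can still pass; pinning the connection to the checked address, or routing the request through the same proxy mechanism the rest of Dify uses, closes that gap.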
Source: https://gist.github.com/chenhouser2025/306c6a7ad6aff9bc9a7fa76d5df38c63
User: Eric-g (UID 96879)
Submission: 29/03/2026 05h58 (22 days ago)
Moderation: 19/04/2026 18h18 (22 days later)
Status: Accepted
VulDB Entry: 358252 [langgenius dify up to 0.6.9 ApiToolManageService api_tools_manage_service.py get_api_tool_provider_remote_schema url Privilege Escalation]
Points: 20
